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WHAT IS CLAIMED IS: 

1 1. A method for providing one or more independent auditors an 

2 audit trail having one or more records for a database system, an integrity of the 

3 audit trail being vulnerable to actions taken by an access-privileged user other 

4 than the auditors, the database system having a writing machine (writer) not 

5 under the control of the access-privileged user or the auditors, each record 

6 having a corresponding authentication token and a validation token, the method 

7 comprising: 

8 initiating the audit trail by generating an initial value of an authentication 
Q - -- 9 -token and an initial- value of a validation token based on a first encryption key of " 
ffj 10 a first type (writer public key) generated by the writer and a second encryption 

™ 1 1 key of the first type generated by each Auditor (auditor public key); 

H 12 generating a third encryption key of a second type (writer private key) 

O 1 3 related to the first encryption key and a fourth encryption key of a second type 

14 (auditor private key) related to the second encryption key; 
rf 15 updating the values of the writer private key, the authentication token, 

2 16 and the validation token while integrating the values of the validation token and 

Q 1 7 the writer public key into each corresponding record of the audit trail; and 

18 validating, by the auditor, each record of the audit trail by comparing the 

19 integrated validation token with a newly computed validation token in order to 

20 detect a tampering of the audit trail. 

1 2. The method of claim 1 wherein the step of initiating further 

2 includes storing the initial values of the validation token and the writer public 

3 key in an initial record of the audit trail. 
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3. The method of claim 1 wherein the step of initiating further 
includes: 

concatenating a predetermined identity for the audit trail, and a common 
initialization encryption key generated by the auditor with the auditor public 
key and the writer public key; 

generating the initial value of the validation token through at least one 
hashing process and at least one encryption process using the concatenated 
result, 

wherein the initial value of the authentication token is used as an 
encryption key for the encryption_process. 

4. The method of claim 1 wherein the step of generating further 
includes: 

storing the auditor private key in a first secured storage accessible only by 
the auditor; and 

storing the writer private key in a second secured storage accessible only 
by the writer. 
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1 5. The method of claim 1 wherein the step of updating further 

2 includes: 

3 updating the value of the writer private key; 

4 updating the value of the writer public key based on the updated writer 

5 private key; 

6 updating the value of the authentication token by a hashing process based 

7 on the updated value of the writer private key and the auditor public key; and 

8 updating the value of the validation token through at least a hashing 

9 process and an encryption process, 

1 0 wherein the updated authentication token is used jas an encryption key for 

1 1 the encryption process while updating the value of the validation token. 

1 6. The method of claim 1 wherein the newly computed validation 

2 token is generated by the auditor based on the auditor private key and the writer 

3 public key. 
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1 7. A method for providing at least one independent auditor an audit 

2 trail, the audit trail having one or more records recording actions taken against a 

3 database system, the integrity of the audit trail being vulnerable to actions taken 

4 by an access-privileged user other than the auditor, the database system having a 

5 writing machine (writer) not under the control of the access-privileged user or 

6 the auditor, the method comprising: 

7 integrating into each record a corresponding value of a validation token 

8 generated based on a first pair of public-private encryption keys generated by 

9 the writer and a second pair of public-private encryption keys generated by the 

10 auditor, _ 

1 1 wherein the writer has an access to the public encryption key of the 

12 second pair (auditor public key), and the auditor has an access to the public 

13 encryption key of the first pair (writer public key), 

14 wherein only the writer has an access to the private key of the first pair 

15 (writer private key), and only the auditor has an access to the private key of the 

16 second pair (auditor private key), and 

17 wherein the auditor has the ability to compute the values of the validation 

18 token for the records to verify against the integrated values of the validation 

19 token in order to detect a tampering of the audit trail by the access-privileged 

20 user. 
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1 8. The method of claim 7 wherein the step of integrating further 

2 includes: 

3 initiating the audit trail by generating an initial value of the authentication 

4 token and an initial value of the validation token for an initial record of the audit 

5 trail based on the writer public key and the auditor public key; and 

6 updating the values of the writer private key, the authentication token, 

7 and the validation token, 

8 wherein each updated value of the validation token is integrated into a 

9 corresponding record of the audit trail. 

1 9. The method of claim 8 wherein the step of initiating further includes: 

2 concatenating a predetermined identity for the audit trail, and a common 

3 initialization encryption key generated by the auditor with the auditor public 

4 key and the writer public key; and 

5 generating the initial value of the validation token through at least one 

6 hashing process and at least one encryption process using the concatenated 

7 result, 

8 wherein the initial value of the authentication token is used as an 

9 encryption key for the encryption process. 
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10. The method of claim 9 wherein the step of initiating further 
includes: 

storing the auditor private key, the identity for the audit trail, and the 
initial record in a designated secured information storage accessible only by the 
auditor, 

wherein the stored auditor private key, the identity for the audit trail, and 
the initial record can be retrieved by the auditor and used with the writer public 
key accessible by the auditor to compute the values of the validation token for 
the records to verify against the integrated values of the validation token. 

11. The method of claim 8 wherein the step of updating further 
includes: 

updating the value of the writer private key through a hashing process; 
updating the value of the writer public key based on the updated writer 
private key; 

updating the value of the authentication token by a hashing process based 
on the updated value of the writer private key; and 

updating the value of the validation token through at least a hashing 
process and an encryption process, 

wherein the updated authentication token is used as an encryption key for 
the encryption process while updating the value of the validation token. 
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1 12. A computer program for providing at least one independent 

2 auditor an audit trail, the audit trail having one or more records recording 

3 actions taken against a database system, the integrity of the audit trail being 

4 vulnerable to actions taken by an access-privileged user other than the auditor, 

5 the database system having a writing machine (writer) not under the control of 

6 the access-privileged user or the auditor, the computer program comprising 

7 instructions for: 

8 integrating into each record a corresponding value of a validation token 

9 generated based on a first pair of public-private encryption keys generated by 

1 0 the writer and a second pair of public-pri\^e_encryption keys generated by the 

1 1 auditor, 

12 wherein the writer has an access to the public encryption key of the 

13 second pair (auditor public key), and the auditor has an access to the public 

14 encryption key of the first pair (writer public key), 

1 5 wherein only the writer has an access to the private key of the first pair 

16 (writer private key), and only the auditor has an access to the private key of the 

17 second pair (auditor private key), and 

18 wherein the auditor has the ability to compute the values of the validation 

19 token for the records to verify against the integrated values of the validation 

20 token in order to detect a tampering of the audit trail by the access-privileged 

21 user. 
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13. The computer program of claim 12 wherein the means for 
integrating further includes instructions for: 

initiating the audit trail by generating an initial value of the authentication 
token and an initial value of the validation token for an initial record of the audit 
trail based on the writer public key and the auditor public key; and 

updating the values of the writer private key, the authentication token, 
and the validation token, 

wherein each updated value of the validation token is integrated into a 
corresponding record of the audit trail. 

14. The computer program of claim 13 wherein the means for initiating 
further includes instructions for: 

concatenating a predetermined identity for the audit trail, and a common 
initialization encryption key generated by the auditor with the auditor public 
key and the writer public key; and 

generating the initial value of the validation token through at least one 
hashing process and at least one encryption process using the concatenated 
result, 

wherein the initial value of the authentication token is used as an 
encryption key for the encryption process. 
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1 15. The computer program of claim 14 wherein the means for initiating 

2 further includes instructions for: 

3 storing the auditor private key, the identity for the audit trail, and the 

4 initial record in a designated secured information storage accessible only by the 

5 auditor, 

6 wherein the auditor private key, the identity for the audit trail, and the 

7 initial record can be retrieved by the auditor and used with the writer public key 

8 accessible by the auditor to compute the values of the validation token for the 

9 records to verify against the integrated values of the validation token. 

1 16. The computer program of claim 13 wherein the means for updating 

2 further includes instructions for: 

3 updating the value of the writer private key through a hashing process; 

4 updating the value of the writer public key based on the updated writer 

5 private key; 

6 updating the value of the authentication token by a hashing process based 

7 on the updated value of the writer private key; and 

8 updating the value of the validation token through at least a hashing 

9 process and an encryption process, 

10 wherein the updated authentication token is used as an encryption key for 

1 1 the encryption process while updating the value of the validation token. 
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1 17. A system for providing at least one independent auditor an audit 

2 trail, the audit trail having one or more records recording actions taken against a 

3 database, the integrity of the audit trail being vulnerable to actions taken by an 

4 access-privileged user other than the auditor, the database having a writing 

5 machine (writer) not under the control of the access-privileged user or the 

6 auditor, the system comprising means for: 

7 integrating into each record a corresponding value of a validation token 

8 generated based on a first pair of public-private encryption keys generated by 

9 the writer and a second pair of public-private encryption keys generated by the 

10 auditor, 

1 1 wherein the writer has an access to the public encryption key of the 

12 second pair (auditor public key), and the auditor has an access to the public 

13 encryption key of the first pair (writer public key), 

14 wherein only the writer has an access to the private key of the first pair 

15 (writer private key), and only the auditor has an access to the private key of the 

16 second pair (auditor private key), and 

17 wherein the auditor has the ability to compute the values of the validation 

18 token for the records to verify against the integrated values of the validation 

19 token in order to detect a tampering of the audit trail by the access-privileged 

20 user. 
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18. The system of claim 17 wherein the means for integrating further 
includes means for: 

initiating the audit trail by generating an initial value of the authentication 
token and an initial value of the validation token for an initial record of the audit 
trail based on the writer public key and the auditor public key; and 

updating the values of the writer private key, the authentication token, 
and the validation token, 

wherein each updated value of the validation token is integrated into a 
corresponding record of the audit trail. 

19. The system of claim 18 wherein the means for initiating further 
includes means for: 

concatenating a predetermined identity for the audit trail, and a common 
initialization encryption key generated by the auditor with the auditor public 
key and the writer public key; and 

generating the initial value of the validation token through at least one 
hashing process and at least one encryption process using the concatenated 
result, 

wherein the initial value of the authentication token is used as an 
encryption key for the encryption process. 
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1 20. The system of claim 19 wherein the means for initiating further 

2 includes means for: 

3 storing the auditor private key, the identity for the audit trail, and the 

4 initial record in a designated secured information storage accessible only by the 

5 auditor, 

6 wherein the stored auditor private key, the identity for the audit trail, and 

7 the initial record can be retrieved by the auditor and used with the writer public 

8 key accessible by the auditor to compute the values of the validation token for 

9 the records to verify against the integrated values of the validation token. 

1 21. The system of claim 18 wherein the means for updating further 

2 includes means for: 

3 updating the value of the writer private key through a hashing process; 

4 updating the value of the writer public key based on the updated writer 

5 private key; 

6 updating the value of the authentication token by a hashing process based 

7 on the updated value of the writer private key; and 

8 updating the value of the validation token through at least a hashing 

9 process and an encryption process, 

10 wherein the updated authentication token is used as an encryption key for 

1 1 the encryption process while updating the value of the validation token. 
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